Having been on vacation, I'm coming in very late in this....

Les Mikesell wrote:
> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton <bennett at peacefire.org>
> wrote:
<snip>
>> OK but those are *users* who have their own passwords that they have
>> chosen, presumably. User-chosen passwords cannot be assumed to be
>> secure against a brute-force attack. What I'm saying is that if you're
>> the only user, by my reasoning you don't need fail2ban if you just use a
>> 12-character truly random password.
>
> But you aren't exactly an authority when you are still guessing about
> the cause of your problem, are you? (And haven't mentioned what your
> logs said about failed attempts leading up to the break in...).

Further, that's a ridiculous assumption. Without fail2ban, or something like it, they'll keep trying. You, instead, Bennett, are presumably generating that "truly random" password[1] and assigning it to all your users[2], and not allowing them to change their passwords, and you will be changing it occasionally and informing them of the change.[3]

Right?

      mark

1. How will you generate "truly random"? Clicks on a Geiger counter? There is no such thing as a random number generator.
2. Which, being "truly random", they will write down somewhere, or store it on a key, labelling the file "mypassword" or some such.
3. How will you notify them of their new password - in plain text?